First published: Thu Jul 16 2020(Updated: )
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to the affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Sd-wan Firmware | <=19.2.2 | |
Cisco 1100-4g Integrated Services Router | ||
Cisco 1100-4gltegb Integrated Services Router | ||
Cisco 1100-4gltena Integrated Services Router | ||
Cisco 1100-6g Integrated Services Router | ||
Cisco Vedge 100 | ||
Cisco Vedge 1000 | ||
Cisco Vedge 100b | ||
Cisco Vedge 100m | ||
Cisco Vedge 100wm | ||
Cisco Vedge 2000 | ||
Cisco Vedge 5000 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-3401 is a vulnerability in the web-based management interface of Cisco SD-WAN vManage Software that allows an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system.
CVE-2020-3401 affects Cisco SD-WAN vManage Software by allowing an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files.
CVE-2020-3401 has a severity rating of 6.5 (Medium).
CVE-2020-3401 affects Cisco SD-WAN vManage Software up to and including version 19.2.2.
To fix CVE-2020-3401, it is recommended to upgrade to a version of Cisco SD-WAN vManage Software that is not affected by the vulnerability.